[Secure-testing-team] Bug#684964: citadel-server: world writable config file: /etc/citadel/netconfigs/7
Andreas Beckmann
debian at abeckmann.de
Wed Aug 15 08:14:02 UTC 2012
Package: citadel-server
Version: 7.83-2squeeze2
Severity: important
Tags: security
User: debian-qa at lists.debian.org
Usertags: piuparts
Hi,
during an experimental test with piuparts I noticed that your package
creates a world writable config file:
-rw-rw-rw- 1 citadel root 11 Aug 8 09:45 /etc/citadel/netconfigs/7
The /etc/citadel/netconfigs directory is citadel:root 0700, so the world
writable file is not accessible to local users in a default
installation (therefore only severity important).
Andreas
More information about the Secure-testing-team
mailing list